OSV-2022-403

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-403.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-403
Published
2022-05-09T00:00:48.738027Z
Modified
2022-12-03T00:15:46.871208Z
Summary
Heap-use-after-free in dwg_add_handleref
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47319

Crash type: Heap-use-after-free READ 8
Crash state:
dwg_add_handleref
dwg_add_STYLE
decode_preR13_section
References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events
Introduced
5514add433990bd19845bb5591b44f187487230f
Fixed
7209631ce9b38244dd5ac69da8e21cb9478c24e8

Affected versions

0.*

0.12.4.4590
0.12.4.4598
0.12.4.4601
0.12.4.4606
0.12.4.4607
0.12.4.4608
0.12.4.4613
0.12.4.4615
0.12.4.4635
0.12.4.4637
0.12.4.4641
0.12.4.4643
0.12.4.4647
0.12.4.4652
0.12.4.4654
0.12.4.4658
0.12.4.4660

Ecosystem specific 

{
    "severity": "HIGH"
}